(OS X) Port in use, however it is not shown by netstat or lsof - macos

Sorry for my English.
I was trying to forward port 80 from my Vagrant box to the host machine (OS X) and got this message:
"The forwarded port to 80 is already in use on the host machine."
So, in order to figure out which program uses port 80, I ran this:
➜ ~ sudo lsof -n -i:80 | grep LISTEN
➜ ~
However, as you can see, it shows nothing. I have also tried netstat, but the result was the same. Then I tried to use netcat + tcpdump to look at the TCP session:
➜ ~ nc -vvv 127.0.0.1 80
Connection to 127.0.0.1 80 port [tcp/http] succeeded!
➜ ~
In another window:
➜ ~ sudo tcpdump -ni lo0 port 80
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo0, link-type NULL (BSD loopback), capture size 65535 bytes
00:03:47.019805 IP 127.0.0.1.50666 > 127.0.0.1.80: Flags [S], seq 2187569264, win 65535, options [mss 16344,nop,wscale 4,nop,nop,TS val 194193524 ecr 0,sackOK,eol], length 0
00:03:47.019834 IP 127.0.0.1.80 > 127.0.0.1.50666: Flags [R.], seq 0, ack 2187569265, win 0, length 0
So it looks like the port is closed, because it immediately sent the RESET flag, but why did nc show that the connection was successful and lsof show nothing?
I'm really confused. Can anyone tell me what is going on, or what I am doing wrong?
I can provide additional information if needed.
Thanks!

Looks like that's a firewall resetting the connection.
Turn off Avast WebShield if it exists.

Related

Pinging local host doesn't function

elasticsearch==7.10.0
I wish to ping localhost '5601' to check whether Kibana is running or not, but apparently I am unable to ping.
Note: I am aware that Elasticsearch has an in-built function to ping, but I still wish to ping using the cmd line for a specific reason in my project.
C:\User>ping 5601
Pinging f00:b00:f00:b00 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
Ping statistics for f00:b00:f00:b00:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
C:\User>ping http://localhost:5601
Ping request could not find host http://localhost:5601. Please check the name and try again.
Could someone help me?
You can use netstat to check if the port exposed by the Kibana UI, 5061, is in LISTEN mode:
$ netstat -tlpn | grep 5601
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp6 0 0 :::5601 :::* LISTEN -
Or, if you want to establish a connection to destination port 5601, you can use nc:
$ nc -vz localhost 5601
Connection to localhost 5601 port [tcp/*] succeeded!

display open ports grouped by process

Given a netstat output, how can I display the selected open ports grouped by process?
What I got so far:
:~# netstat -tnlp | awk '/25|80|443|465|636|993/ {proc=split($7,pr,"/"); port=split($4,po,":"); print pr[2], po[port]}'
haproxy 636
haproxy 993
haproxy 993
haproxy 465
haproxy 465
exim4 25
apache2 80
exim4 25
apache2 443
Desired output (in one line):
apache2 (80 443), exim4 (25), haproxy (465 636 993)
Please note:
I have duplicated lines because they listen on different IPs, but I only need one (sort -u is ok)
if possible, I'd like to sort by process and then by port
the main goal is to have this single line displayed to the user on ssh logon, using motd (I got this part covered)
netstat -tnlp|awk '/25|80|443|465|636|993/ {proc=split($7,pr,"/"); port=split($4,po,":"); print pr[2], po[port]}'|sort|uniq|awk '{a[$1]=a[$1](" "$2" "$3)}END{for (i in a) printf "%s (%s),",i,a[i]}'
Try this. Later addition:
sort|uniq|awk '{a[$1]=a[$1](" "$2" "$3)}END{for (i in a) printf "%s (%s),",i,a[i]}'
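A variant that produces exactly the requested line, added here as an example and not part of the original thread: it compares the port field exactly (a pattern such as /25|80/ applied to the whole line also matches a PID like 2580), skips sockets whose owner is hidden, and sorts by process and then numerically by port. The names ports_by_process and sample_netstat are hypothetical, and the netstat output is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. ports_by_process is a hypothetical helper:
# stdin is `netstat -tnlp` output, $1 is a space-separated list of ports to report.
ports_by_process() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1 }
        $6 == "LISTEN" {
            # Local address is field 4; the port follows the last colon
            # (works for 0.0.0.0:80, 10.0.0.5:80 and :::80 alike).
            port = $4; sub(/.*:/, "", port)
            if (!(port in keep)) next
            # Field 7 is PID/Program; a bare "-" means the owner is hidden (not root).
            if (split($7, pr, "/") < 2) next
            print pr[2], port
        }' |
    LC_ALL=C sort -u -k1,1 -k2,2n |
    awk '
        $1 != prev { if (NR > 1) printf "), "; printf "%s (%s", $1, $2; prev = $1; next }
        { printf " %s", $2 }
        END { if (NR > 0) print ")" }'
}

# Constructed sample: duplicate listeners on several IPs, an unrelated
# service whose PID contains "25" and "80", and IPv6 wildcard listeners.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:636            0.0.0.0:*               LISTEN      901/haproxy
tcp        0      0 10.0.0.5:993            0.0.0.0:*               LISTEN      901/haproxy
tcp        0      0 10.0.0.6:993            0.0.0.0:*               LISTEN      901/haproxy
tcp        0      0 10.0.0.5:465            0.0.0.0:*               LISTEN      901/haproxy
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      744/exim4
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2580/mysqld
tcp6       0      0 :::443                  :::*                    LISTEN      812/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      812/apache2
tcp6       0      0 :::25                   :::*                    LISTEN      744/exim4
EOF
}

sample_netstat | ports_by_process "25 80 443 465 636 993"
```

On a live host, run it as root so that the PID/Program column is populated: `netstat -tnlp | ports_by_process "25 80 443"`.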

execute shell script in ruby

I want to execute the following shell script
system('echo "
rdr pass on lo0 inet proto tcp from any to 192.168.99.1 port 80 -> 192.168.99.1 port 8080
rdr pass on lo0 inet proto tcp from any to 192.168.99.1 port 443 -> 192.168.99.1 port 4443
" | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Fowarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"'
)
This works fine. I now want to pass the IP address loaded from a YAML file. I tried the following:
config.yaml
configs:
use: 'home'
office:
public_ip: '192.168.99.2'
home:
public_ip: '192.168.99.1'
Vagrantfile
require 'yaml'
current_dir = File.dirname(File.expand_path(__FILE__))
configs = YAML.load_file("#{current_dir}/config.yaml")
vagrant_config = configs['configs'][configs['configs']['use']]
system('echo "
rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 80 -> '+vagrant_config['public_ip']+' port 8080
rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 443 -> '+vagrant_config['public_ip']+' port 4443
" | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Fowarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"'
)
The second method does not work, nor does it show any error. Can someone point me in the right direction? What I want is to read public_ip dynamically from a config file or variable.
Thanks
UPDATE 1
I get the following output
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: pf already enabled
What can possibly be wrong?
For troubleshooting purposes, it would be wise to output the command you're going to run prior to sending it out to system.
cmd = 'echo "
rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 80 -> '+vagrant_config['public_ip']+' port 8080
rdr pass on lo0 inet proto tcp from any to '+vagrant_config['public_ip']+' port 443 -> '+vagrant_config['public_ip']+' port 4443
" | sudo pfctl -ef - > /dev/null 2>&1; echo "==> Fowarding Ports: 80 -> 8080, 443 -> 4443 & Enabling pf"'
puts "Command to run:\n\n#{cmd}"
system( cmd )
Then, it would be wise to make the output from the system command visible. To make sure you get this feedback, I suggest you replace
sudo pfctl -ef - > /dev/null 2>&1
with (adding '-v' for more verbose output - pfctl man page)
sudo pfctl -evf -
and then look for the output and/or error messages.
Then, once the bugs are sorted out, you can put it back into stealthy, quiet mode :D
Also, since you are running with sudo you'll need to make sure the shell you're running within has sudo privileges and also make sure you're not being prompted for a password unknowingly.

Cannot access with IP from other devices, localhost server on MAC

I have set the default localhost server to run on my Mac with Apache with the default settings. I can access the local server using localhost and the IP from the server itself, but cannot access it from another PC using the IP, connected on the same Wi-Fi network with a simple router.
I have disabled the firewall on the Mac, but nothing.
This is my /etc/hosts file:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
The Mac IP on Wi-Fi is 192.168.10.102; the other PC IP is 192.168.10.105.
Apache is set to listen on port 80, http.conf:
Listen 80
sudo tcpdump -i en0 result:
15:35:28.384152 IP 192.168.10.105.63630 > 192.168.10.102.http: Flags [S], seq 2700046236, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:35:28.674606 IP 192.168.10.105.63631 > 192.168.10.102.http: Flags [S], seq 3459374519, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:35:29.335909 IP 192.168.10.102.51270 > 192.168.10.1.domain: 50623+ PTR? 103.10.168.192.in-addr.arpa. (45)
15:35:29.343300 IP 192.168.10.1.domain > 192.168.10.102.51270: 50623 NXDomain* 0/1/0 (95)
15:35:29.593550 IP 192.168.10.105.netbios-dgm > 192.168.10.255.netbios-dgm: NBT UDP PACKET(138)
15:35:30.345378 IP 192.168.10.102.58188 > 192.168.10.1.domain: 60091+ PTR? 255.10.168.192.in-addr.arpa. (45)
15:35:30.352597 IP 192.168.10.1.domain > 192.168.10.102.58188: 60091 NXDomain* 0/1/0 (95)
15:35:31.337113 ARP, Request who-has 192.168.10.102 tell 192.168.10.1, length 28
NOTE
While restarting the Mac computer, for a couple of seconds I am able to access the localhost server with the IP from the other computer...
Also, the Mac has Symantec Endpoint Protection installed, which I cannot find a way to disable even though I have sudo permissions.
Any ideas?
After losing almost a day and a half, I found that Endpoint Security of Symantec blocked incoming connections. I came across this script that saved my day (it disables the service):
https://gist.github.com/phoob/671e65332c86682d5674
Also this is valid:
https://gist.github.com/bubenkoff/4043130
Hope this helps someone else.
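The two traces on this page (the lo0 capture in the first question and the en0 capture in this one) show two different signatures: a SYN answered at once with RST, and SYNs that reach the interface and get no reply at all, which is how silently filtered inbound connections look. The following is an added example, not part of either thread, that classifies each SYN in `tcpdump -n` text output; syn_outcomes and sample_trace are hypothetical names, and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. syn_outcomes is a hypothetical helper that
# reads `tcpdump -n` text on stdin and reports what happened to each TCP SYN.
syn_outcomes() {
    awk '
        $2 == "IP" && $6 == "Flags" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            flags = $7; gsub(/[^A-Z.]/, "", flags)    # "[S]," -> "S", "[R.]," -> "R."
            if (flags ~ /S/ && flags !~ /\./) {       # SYN without ACK: a new attempt
                key = src " > " dst
                if (!(key in state)) { order[++n] = key; state[key] = "unanswered" }
            } else {
                key = dst " > " src                   # a reply travels the other way
                if ((key in state) && state[key] == "unanswered") {
                    if (flags ~ /S/) state[key] = "accepted"      # SYN-ACK
                    else if (flags ~ /R/) state[key] = "reset"    # RST
                }
            }
        }
        END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }'
}

# The first four lines are copied from the two traces on this page (TCP options
# trimmed); the last two are a constructed, completed handshake for contrast.
sample_trace() {
    cat <<'EOF'
00:03:47.019805 IP 127.0.0.1.50666 > 127.0.0.1.80: Flags [S], seq 2187569264, win 65535, length 0
00:03:47.019834 IP 127.0.0.1.80 > 127.0.0.1.50666: Flags [R.], seq 0, ack 2187569265, win 0, length 0
15:35:28.384152 IP 192.168.10.105.63630 > 192.168.10.102.http: Flags [S], seq 2700046236, win 8192, length 0
15:35:28.674606 IP 192.168.10.105.63631 > 192.168.10.102.http: Flags [S], seq 3459374519, win 8192, length 0
15:40:00.000100 IP 192.168.10.105.63700 > 192.168.10.102.5601: Flags [S], seq 1, win 8192, length 0
15:40:00.000200 IP 192.168.10.102.5601 > 192.168.10.105.63700: Flags [S.], seq 9, ack 2, win 65535, length 0
EOF
}

sample_trace | syn_outcomes
```

A capture stopped too early also leaves a SYN marked "unanswered", so let tcpdump run through at least one retransmission before reading the result.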

what does "ramp" mean in lsof name

I am using lsof to check connections to a remote Tibco server (7000). I am using this command line:
lsof -p 4567 | grep TCP | grep 7000
java 4446 app 319u IPv6 9150778 0t0 TCP localhost:49756->test-tibco-test.com:ramp (ESTABLISHED)
java 4446 app 325u IPv6 9150793 0t0 TCP localhost:49756->test-tibco-test.com:54561->dfw-tibco-vems1.prod.walmart.com:7000 (ESTABLISHED)
What does the "ramp" mean in the first output?
lsof translates "well-known" port numbers to human-readable strings (e.g., 25 -> smtp, 80 -> http etc.). Per http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml, "ramp" should mean port 7227 (the "Registry A & M Protocol").
Note that this only means that port 7227 is being used, not that you actually have the "Registry A & M Protocol" (whatever that is) running on that port. Most likely, somebody configured a TIBCO EMS server to use port 7227 (its default port is 7222 and many people start counting upwards from there if they need multiple servers with different ports running on the same machine).
You can add the option -P (capital letter P) to your lsof command to avoid this translation of port numbers into human readable names.
